Big problem with SYSTEM SECURITY
Solved/Closed
PwnedbyMalwares
Posts
6
Registration date
Tuesday 14 July 2009
Status
Member
Last activity
18 August 2009
14 Jul 2009 at 20:44
fix200 Posts 3243 Registration date Sunday 28 December 2008 Status Security contributor Last activity 7 February 2011 - 17 Oct 2009 at 13:26
50 replies
fix200
Posts
3243
Registration date
Sunday 28 December 2008
Status
Security contributor
Last activity
7 February 2011
158
14 Sep 2009 at 16:53
Re
Come on, come on PwnedbyMalwares ;)
^^
PwnedbyMalwares
Posts
6
Registration date
Tuesday 14 July 2009
Status
Member
Last activity
18 August 2009
15 Sep 2009 at 04:13
Here is the Combofix report for now; Gmer is still running. Sorry for the absence, but school has started again and my schedule has been extremely busy lately.
Note: it did not behave the way you described it to me. It did reboot the program, but it never offered me the choice of typing 1 or 2...
ComboFix 09-09-06.06 - Marie Josée 14/09/2009 21:53.3.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.180 [GMT -4:00]
Running from: c:\documents and settings\Marie Josée\Bureau\TapeMoi.exe
Command switches used :: c:\documents and settings\Marie Josée\Bureau\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
- REDUCED FUNCTIONALITY MODE -
FILE ::
"c:\windows\system32\3712425417.dat"
"c:\windows\system32\acluik.sys"
.
The following files were disabled during the run:
c:\program files\SuperCopier2\SC2Hook.dll
((((((((((((((((((((((((((((((((((((((( Other Deletions )))))))))))))))))))))))))))))))))))))))))))))))))
.
.
---- Previous Run -------
.
c:\windows\system32\3712425417.dat
c:\windows\system32\acluik.sys
.
((((((((((((((((((((((((( Files Created from 2009-08-15 to 2009-09-15 )))))))))))))))))))))))))))))))
.
2009-08-26 19:37 . 2009-08-26 19:37 -------- d-----w- c:\documents and settings\Dadaille\Application Data\Malwarebytes
2009-08-24 15:00 . 2009-08-24 15:00 -------- d-----w- C:\Kill'em
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-15 01:55 . 2007-05-17 15:11 141826080 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-15 01:52 . 2006-09-23 14:11 -------- d-----w- c:\program files\SuperCopier2
2009-09-14 17:44 . 2007-05-17 15:11 4466720 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-14 17:44 . 2007-05-17 15:11 420560 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-14 17:44 . 2007-05-17 15:11 1900904 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-05 18:35 . 2009-06-28 18:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 20:57 . 2009-07-27 20:57 23040 --sha-w- c:\windows\system32\algp.dll
2009-07-24 19:59 . 2006-09-30 15:30 -------- d-----w- c:\program files\France Télécom ADSL
2009-07-21 23:52 . 2009-07-21 23:52 -------- d-----w- c:\documents and settings\Administrateur.GWADADA\Application Data\SUPERAntiSpyware.com
2009-07-17 18:12 . 2007-08-24 00:12 -------- d-----w- c:\program files\Messenger Plus! Live
2009-07-16 18:41 . 2004-08-05 12:00 48616 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-16 18:41 . 2004-08-05 12:00 367658 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-26 20:29 . 2009-03-28 03:41 156 ----a-w- c:\windows\system32\jpg.dat
2009-06-17 15:27 . 2009-06-28 18:26 38160 ----a-w- c:\windows\system32\drivers\mbamswissarmy.sys
2009-06-17 15:27 . 2009-06-28 18:26 19096 ----a-w- c:\windows\system32\drivers\mbam.sys
2007-02-16 23:32 . 2007-02-16 23:31 236 ----a-w- c:\program files\PerfectLameXP.bat
2007-02-16 23:29 . 2007-02-16 23:29 4828 ----a-w- c:\program files\ST6UNST.LOG
2006-06-22 03:54 . 2008-03-01 16:46 743936 ----a-w- c:\program files\Promesse Patcher.exe
2002-05-26 00:29 . 2002-05-26 00:29 179 ----a-w- c:\program files\Important.txt
2002-05-26 00:27 . 2002-05-26 00:27 294912 ----a-w- c:\program files\PerfectLameXP.exe
2002-03-16 12:05 . 2002-03-16 12:05 489 ----a-w- c:\program files\PerfectLameXP.exe.manifest
2001-07-06 00:51 . 2001-07-06 00:51 495616 ----a-w- c:\program files\Lame.exe
1999-04-06 17:27 . 1999-04-06 17:27 99840 ----a-w- c:\program files\Fichiers communs\IRAABOUT.DLL
1998-12-09 07:53 . 1998-12-09 07:53 70144 ----a-w- c:\program files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 07:53 . 1998-12-09 07:53 48640 ----a-w- c:\program files\Fichiers communs\IRALPTTR.DLL
1998-12-09 07:53 . 1998-12-09 07:53 31744 ----a-w- c:\program files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 07:53 . 1998-12-09 07:53 186368 ----a-w- c:\program files\Fichiers communs\IRAREG.DLL
1998-12-09 07:53 . 1998-12-09 07:53 17920 ----a-w- c:\program files\Fichiers communs\IRASRIAL.DLL
.
------- Sigcheck -------
[-] C34920EB988CE98910BD6B0417F334EB [5.1.2600.2622 (xpsp.050301-1521)] c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 4D88AAF39ADABFE45958EA1384E2C4FF [5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)] c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 753354F594809A9B96F73999B435A533 [5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)] c:\windows\$NtServicePackUninstall$\user32.dll
[7] E46FB493E3B33704F0715020CF52106B [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB890859$\user32.dll
[-] 0DF75FB73F705B011630159A43D7C354 [5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)] c:\windows\$NtUninstallKB925902$\user32.dll
[7] E853F84D3CE2FAA2A802E33CF89AC023 [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\user32.dll
[-] 753354F594809A9B96F73999B435A533 [5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)] c:\windows\system32\user32.dll
[-] D0288319660EDCFED07C7E74C4EA38A5 [6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] c:\windows\explorer.exe
[-] B795475444D6D57A572C14B9E1A29839 [6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)] c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] D0288319660EDCFED07C7E74C4EA38A5 [6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 90E794C5D2D368686FE71B4A0354462C [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB938828$\explorer.exe
[7] F2317622D29F9FF0F88AEECD5F60F0DD [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\explorer.exe
[-] AD3D9D191AEA7B5445FE1D82FFBB4788 [5.1.2600.2696 (xpsp.050610-1527)] c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] DA81EC57ACD4CDC3D4C51CF3D409AF9F [5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] B4EF928E4FAD79364A80ACBA6D999934 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 460E4CE148BD07218DA0B6A3D31885A9 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] DA81EC57ACD4CDC3D4C51CF3D409AF9F [5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] c:\windows\system32\spoolsv.exe
[-] C9FA05D271A0066764FE75BE38E24D69 [5.1.2600.2716 (xpsp.050707-1657)] c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 720DA0C9DB8996AD9B7F5164B2242DAA [5.1.2600.2716 (xpsp_sp2_gdr.050707-1657)] c:\windows\$NtServicePackUninstall$\tapisrv.dll
[7] 2490CAE37DB8B6EC55E7A9415473D0AB [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB893756$\tapisrv.dll
[7] 8E5231171AD6595FF002E848CC54FCD7 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 720DA0C9DB8996AD9B7F5164B2242DAA [5.1.2600.2716 (xpsp_sp2_gdr.050707-1657)] c:\windows\system32\tapisrv.dll
[-] 31748843AD5811351B115CC52CEA8D77 [5.1.2600.2743 (xpsp.050819-1528)] c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 0D55724D88488BBFC53BC2EA219240F3 [5.1.2600.2743 (xpsp_sp2_gdr.050819-1525)] c:\windows\$NtServicePackUninstall$\netman.dll
[7] 624CF700BBFD8BE4097AAA146E6BD363 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB905414$\netman.dll
[7] BE0CB143FA427D93440DED18DB8C918B [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\netman.dll
[-] 0D55724D88488BBFC53BC2EA219240F3 [5.1.2600.2743 (xpsp_sp2_gdr.050819-1525)] c:\windows\system32\netman.dll
[-] D9BD4CCA0533401B6609E47FF74F40DC [5.1.2600.2751 (xpsp.050831-1531)] c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 8D9A075C065DFE1228688D10155D6624 [5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)] c:\windows\$NtServicePackUninstall$\linkinfo.dll
[7] 9D21BC0235494F2B403026A1D3619E00 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB900725$\linkinfo.dll
[7] 5C64008E661307C4A3C3C25D9086CDE7 [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 8D9A075C065DFE1228688D10155D6624 [5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)] c:\windows\system32\linkinfo.dll
[-] 385DB2591BF11955F26E0A97728B1B31 [5.1.2600.3077 (xpsp_sp2_qfe.070205-0007)] c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 96B3C690ED82E36E04C130F916E3AE91 [5.1.2600.3077 (xpsp_sp2_gdr.070204-2255)] c:\windows\$NtServicePackUninstall$\upnphost.dll
[7] 168AE9938F6BE31D198AF92496CCFA33 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB931261$\upnphost.dll
[7] BD8166A495B02308F364B36249475F22 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 96B3C690ED82E36E04C130F916E3AE91 [5.1.2600.3077 (xpsp_sp2_gdr.070204-2255)] c:\windows\system32\upnphost.dll
[-] 1839CDF416A5AA8BF2EFE377F57452CC [6.00.2900.3051 (xpsp_sp2_qfe.061219-0311)] c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] D7DFBD1EFA149EC158363B974DAE0C6B [6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)] c:\windows\$NtServicePackUninstall$\shsvcs.dll
[7] B590E69A45AE8FCBF7DDADE89CCE3588 [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB928255$\shsvcs.dll
[7] B9F20D71E5B6CE89A7A94B38351FDBDC [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] D7DFBD1EFA149EC158363B974DAE0C6B [6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)] c:\windows\system32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-13 1057280]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-13 68856]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2006-08-21 2068527]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"FDFWATCH"="c:\progra~1\FRANCE~1\Watch.exe" [2003-07-17 20480]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-17 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-10-31 163840]
"GSICONEXE"="GSICON.EXE" - c:\windows\system32\gsicon.exe [2002-01-22 90112]
"DSLAGENTEXE"="dslagent.exe" - c:\windows\system32\dslagent.exe [2002-01-22 16384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\Marie Josée\Menu Démarrer\Programmes\Démarrage\
MSN Pictures Displayer.lnk - c:\program files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-6-24 3428864]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-9-10 839680]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-10-31 122880]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Documents and Settings\\Marie Josée\\Mes documents\\RaTaM-ScRiPtV3\\RaTaM-ScRiPtV3.0\\RaTaM-ScRiPtV3.exe"=
"c:\\Documents and Settings\\Marie Josée\\Mes documents\\fichiers\\Bobot v1.40 Binaries\\Bobot.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12652:TCP"= 12652:TCP:NortonAV
"16748:TCP"= 16748:TCP:NortonAV
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 7408]
S2 gafwload;ECI Telecom USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [30/09/2006 11:36 26987]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [10/09/2008 15:07 63555]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [10/09/2008 15:07 114616]
S3 npkycryp;npkycryp;\??\c:\documents and settings\Marie Josée\Mes documents\Nouveau dossier\Garden Angel RO\npkycryp.sys --> c:\documents and settings\Marie Josée\Mes documents\Nouveau dossier\Garden Angel RO\npkycryp.sys [?]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [21/10/2006 18:27 152576]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [11/10/2008 23:55 30272]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [11/10/2008 23:55 37440]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2009-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 19:42]
2007-01-03 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8159753047.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 04:52]
2009-09-15 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.msn.fr/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 21:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\MARIEJ~1\LOCALS~1\Temp\mc22.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(608)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(2444)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-15 21:59
ComboFix-quarantined-files.txt 2009-09-15 01:58
ComboFix2.txt 2009-09-09 21:28
Pre-Run: 18 041 790 464 octets libres
Post-Run: 18 009 952 256 octets libres
238 --- E O F --- 2009-07-22 21:29
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.msn.fr/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-14 21:55
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\MARIEJ~1\LOCALS~1\Temp\mc22.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(608)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(2444)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-15 21:59
ComboFix-quarantined-files.txt 2009-09-15 01:58
ComboFix2.txt 2009-09-09 21:28
Pre-Run: 18 041 790 464 octets libres
Post-Run: 18 009 952 256 octets libres
238 --- E O F --- 2009-07-22 21:29
fix200 (Security contributor), 15 Sept. 2009 at 15:18
Hi
My schedule is very busy too, hehe ;))
So I'm waiting for the report ...
++
PwnedbyMalwares (Member), 18 Sept. 2009 at 03:51
Here is the report, which I uploaded to cijoint. I've been trying to post it for about two days but it doesn't work. Trying again:
http://www.cijoint.fr/cjlink.php?file=cj200909/cijq5LWlmJ.txt
fix200 (Security contributor), 18 Sept. 2009 at 11:02
Re,
One trace of the rootkit remains ...
/!\ Warning /!\
|=> Script written specifically for this computer; using it on any other machine could severely damage your system <=|
▶ Copy the text below:
Registry::
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNEToyxwpxub]
▶ Open Notepad and paste the copied text.
(Start\All Programs\Accessories\Notepad.)
▶ Save this file under the name CFScript.txt
▶ /!\ Disconnect your PC from the Internet and close the windows of all running programs. /!\
▶ (!) Temporarily disable (and only for as long as ComboFix is running) the real-time protection of your antivirus, your antispyware and ALL your protection software (!).
▶ Now drag the CFScript.txt file onto Combofix.exe like this
=> This will relaunch Combofix,
▶ A blue window will appear: at the prompt ( Type 1 to continue, or 2 to abort ), type 1 and confirm.
▶ Wait for the scan to finish. The desktop will disappear several times: that's normal!
/!\ Don't touch anything until the scan is finished.
▶ After the reboot, post the contents of the Combofix.txt report
=======
Run Gmer again and paste the report via cijoint.
_________
See you & good luck :)
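The "trace of the rootkit" fix200 picks out of the report is a service key that should not be there, and the earlier reports show the kind of entries a helper checks first: drivers whose file is missing, or whose image sits in a Temp folder or under a user profile (mchInjDrv, npkycryp). As an added example (not from this thread and not ComboFix's own code), the Python script below does that first-pass triage over the service and ImagePath lines of a ComboFix report. The sample lines, user and folder names are constructed to mirror the reports above; the reasons it prints are hints for a human to check, not verdicts (a hooking driver living in Temp can belong to a legitimate security tool).

```python
import re
from typing import List, Tuple

# Constructed sample lines modelled on the ComboFix report format quoted in this
# thread. User names and folder names are placeholders, not taken from the real
# machine; the driver names mirror the entries discussed above.
SAMPLE_LOG = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
S2 gafwload;ECI Telecom USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [30/09/2006 11:36 26987]
S3 npkycryp;npkycryp;\??\c:\documents and settings\User\Mes documents\Game\npkycryp.sys --> c:\documents and settings\User\Mes documents\Game\npkycryp.sys [?]
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\USER~1\LOCALS~1\Temp\mc22.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"
"""

# "R1 name;display name;image path [date time size]" service lines; the bracket
# holds "?" when ComboFix could not find the file on disk.
SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.+?)\s+\[([^\]]*)\]$")
# A service key followed by its ImagePath value, as printed in the catchme section.
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
IMAGE_RE = re.compile(r'^"ImagePath"="(.*)"$')

# Drivers are normally installed under c:\windows or c:\program files, not here.
PROFILE_PREFIXES = ("c:\\documents and settings\\", "c:\\docume~1\\", "c:\\users\\")
DRIVER_EXTENSIONS = ("sys", "drv", "exe")


def suspicious_reasons(image: str, missing: bool) -> List[str]:
    """Return triage reasons for one driver image path (empty list = nothing odd)."""
    path = image.lower()
    if path.startswith("\\??\\"):          # NT object-manager prefix, strip it
        path = path[4:]
    reasons = []
    if missing:
        reasons.append("image file not found on disk")
    if "\\temp\\" in path:
        reasons.append("driver loaded from a Temp directory")
    if path.startswith(PROFILE_PREFIXES):
        reasons.append("driver located under a user profile")
    ext = path.rsplit(".", 1)[-1] if "." in path else ""
    if ext not in DRIVER_EXTENSIONS:
        reasons.append(f"unusual image extension '.{ext}'")
    return reasons


def analyze(log_text: str) -> List[Tuple[str, str, List[str]]]:
    """Walk a ComboFix report; return (service, image path, reasons) for entries worth a look."""
    findings = []
    pending_key = None
    for line in log_text.splitlines():
        line = line.strip()
        if not line:
            continue
        m = SERVICE_RE.match(line)
        if m:
            name, image, bracket = m.groups()
            image = image.split(" --> ")[0]   # keep the path as stored in the registry
            reasons = suspicious_reasons(image, bracket.strip() == "?")
            if reasons:
                findings.append((name, image, reasons))
            continue
        m = KEY_RE.match(line)
        if m:
            pending_key = m.group(1)
            continue
        m = IMAGE_RE.match(line)
        if m and pending_key:
            reasons = suspicious_reasons(m.group(1), False)
            if reasons:
                findings.append((pending_key, m.group(1), reasons))
            pending_key = None
    return findings


if __name__ == "__main__":
    for name, image, reasons in analyze(SAMPLE_LOG):
        print(f"{name}: {image}")
        for reason in reasons:
            print(f"    - {reason}")
```

Run as-is it reports npkycryp (file missing, image under a user profile) and mchInjDrv (Temp directory, user profile, .tmp extension) and stays silent on the SUPERAntiSpyware, ADSL and pssdk31 drivers. Feed it a full report via `analyze(open("ComboFix.txt").read())` to get the same shortlist for another machine.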
PwnedbyMalwares (Member), 19 Sept. 2009 at 15:09
Here is the ComboFix report:
ComboFix 09-09-06.06 - Marie Josée 18/09/2009 19:28.4.1 - NTFSx86
Microsoft Windows XP Édition familiale 5.1.2600.3.1252.33.1036.18.447.162 [GMT -4:00]
Running from: c:\documents and settings\Marie Josée\Bureau\TapeMoi.exe
Command switches used :: c:\documents and settings\Marie Josée\Bureau\CFScript.txt
AV: Kaspersky Anti-Virus *On-access scanning disabled* (Outdated) {2C4D4BC6-0793-4956-A9F9-E252435469C0}
.
- REDUCED FUNCTIONALITY MODE -
.
The following files were disabled during the run:
c:\program files\SuperCopier2\SC2Hook.dll
((((((((((((((((((((((((( Files Created from 2009-08-18 to 2009-09-18 )))))))))))))))))))))))))))))))
.
2009-08-26 19:37 . 2009-08-26 19:37 -------- d-----w- c:\documents and settings\Dadaille\Application Data\Malwarebytes
2009-08-24 15:00 . 2009-08-24 15:00 -------- d-----w- C:\Kill'em
.
(((((((((((((((((((((((((((((((((((((((( Find3M Report ))))))))))))))))))))))))))))))))))))))))))))))))))))
.
2009-09-18 23:29 . 2007-05-17 15:11 141878048 --sha-w- c:\windows\system32\drivers\fidbox.dat
2009-09-18 23:29 . 2007-05-17 15:11 4471072 --sha-w- c:\windows\system32\drivers\fidbox2.dat
2009-09-18 23:24 . 2006-09-23 14:11 -------- d-----w- c:\program files\SuperCopier2
2009-09-17 02:49 . 2007-05-17 15:11 421040 --sha-w- c:\windows\system32\drivers\fidbox2.idx
2009-09-17 02:49 . 2007-05-17 15:11 1901960 --sha-w- c:\windows\system32\drivers\fidbox.idx
2009-09-05 18:35 . 2009-06-28 18:23 -------- d-----w- c:\program files\Malwarebytes' Anti-Malware
2009-07-27 20:57 . 2009-07-27 20:57 23040 --sha-w- c:\windows\system32\algp.dll
2009-07-24 19:59 . 2006-09-30 15:30 -------- d-----w- c:\program files\France Télécom ADSL
2009-07-21 23:52 . 2009-07-21 23:52 -------- d-----w- c:\documents and settings\Administrateur.GWADADA\Application Data\SUPERAntiSpyware.com
2009-07-16 18:41 . 2004-08-05 12:00 48616 ----a-w- c:\windows\system32\perfc00C.dat
2009-07-16 18:41 . 2004-08-05 12:00 367658 ----a-w- c:\windows\system32\perfh00C.dat
2009-06-26 20:29 . 2009-03-28 03:41 156 ----a-w- c:\windows\system32\jpg.dat
2007-02-16 23:32 . 2007-02-16 23:31 236 ----a-w- c:\program files\PerfectLameXP.bat
2007-02-16 23:29 . 2007-02-16 23:29 4828 ----a-w- c:\program files\ST6UNST.LOG
2006-06-22 03:54 . 2008-03-01 16:46 743936 ----a-w- c:\program files\Promesse Patcher.exe
2002-05-26 00:29 . 2002-05-26 00:29 179 ----a-w- c:\program files\Important.txt
2002-05-26 00:27 . 2002-05-26 00:27 294912 ----a-w- c:\program files\PerfectLameXP.exe
2002-03-16 12:05 . 2002-03-16 12:05 489 ----a-w- c:\program files\PerfectLameXP.exe.manifest
2001-07-06 00:51 . 2001-07-06 00:51 495616 ----a-w- c:\program files\Lame.exe
1999-04-06 17:27 . 1999-04-06 17:27 99840 ----a-w- c:\program files\Fichiers communs\IRAABOUT.DLL
1998-12-09 07:53 . 1998-12-09 07:53 70144 ----a-w- c:\program files\Fichiers communs\IRAMDMTR.DLL
1998-12-09 07:53 . 1998-12-09 07:53 48640 ----a-w- c:\program files\Fichiers communs\IRALPTTR.DLL
1998-12-09 07:53 . 1998-12-09 07:53 31744 ----a-w- c:\program files\Fichiers communs\IRAWEBTR.DLL
1998-12-09 07:53 . 1998-12-09 07:53 186368 ----a-w- c:\program files\Fichiers communs\IRAREG.DLL
1998-12-09 07:53 . 1998-12-09 07:53 17920 ----a-w- c:\program files\Fichiers communs\IRASRIAL.DLL
.
------- Sigcheck -------
[-] C34920EB988CE98910BD6B0417F334EB [5.1.2600.2622 (xpsp.050301-1521)] c:\windows\$hf_mig$\KB890859\SP2QFE\user32.dll
[-] 4D88AAF39ADABFE45958EA1384E2C4FF [5.1.2600.3099 (xpsp_sp2_qfe.070308-0217)] c:\windows\$hf_mig$\KB925902\SP2QFE\user32.dll
[-] 753354F594809A9B96F73999B435A533 [5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)] c:\windows\$NtServicePackUninstall$\user32.dll
[7] E46FB493E3B33704F0715020CF52106B [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB890859$\user32.dll
[-] 0DF75FB73F705B011630159A43D7C354 [5.1.2600.2622 (xpsp_sp2_gdr.050301-1519)] c:\windows\$NtUninstallKB925902$\user32.dll
[7] E853F84D3CE2FAA2A802E33CF89AC023 [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\user32.dll
[-] 753354F594809A9B96F73999B435A533 [5.1.2600.3099 (xpsp_sp2_gdr.070308-0222)] c:\windows\system32\user32.dll
[-] D0288319660EDCFED07C7E74C4EA38A5 [6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] c:\windows\explorer.exe
[-] B795475444D6D57A572C14B9E1A29839 [6.00.2900.3156 (xpsp_sp2_qfe.070613-1311)] c:\windows\$hf_mig$\KB938828\SP2QFE\explorer.exe
[-] D0288319660EDCFED07C7E74C4EA38A5 [6.00.2900.3156 (xpsp_sp2_gdr.070613-1234)] c:\windows\$NtServicePackUninstall$\explorer.exe
[-] 90E794C5D2D368686FE71B4A0354462C [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB938828$\explorer.exe
[7] F2317622D29F9FF0F88AEECD5F60F0DD [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\explorer.exe
[-] AD3D9D191AEA7B5445FE1D82FFBB4788 [5.1.2600.2696 (xpsp.050610-1527)] c:\windows\$hf_mig$\KB896423\SP2QFE\spoolsv.exe
[-] DA81EC57ACD4CDC3D4C51CF3D409AF9F [5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] c:\windows\$NtServicePackUninstall$\spoolsv.exe
[7] B4EF928E4FAD79364A80ACBA6D999934 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB896423$\spoolsv.exe
[7] 460E4CE148BD07218DA0B6A3D31885A9 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\spoolsv.exe
[-] DA81EC57ACD4CDC3D4C51CF3D409AF9F [5.1.2600.2696 (xpsp_sp2_gdr.050610-1519)] c:\windows\system32\spoolsv.exe
[-] C9FA05D271A0066764FE75BE38E24D69 [5.1.2600.2716 (xpsp.050707-1657)] c:\windows\$hf_mig$\KB893756\SP2QFE\tapisrv.dll
[-] 720DA0C9DB8996AD9B7F5164B2242DAA [5.1.2600.2716 (xpsp_sp2_gdr.050707-1657)] c:\windows\$NtServicePackUninstall$\tapisrv.dll
[7] 2490CAE37DB8B6EC55E7A9415473D0AB [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB893756$\tapisrv.dll
[7] 8E5231171AD6595FF002E848CC54FCD7 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\tapisrv.dll
[-] 720DA0C9DB8996AD9B7F5164B2242DAA [5.1.2600.2716 (xpsp_sp2_gdr.050707-1657)] c:\windows\system32\tapisrv.dll
[-] 31748843AD5811351B115CC52CEA8D77 [5.1.2600.2743 (xpsp.050819-1528)] c:\windows\$hf_mig$\KB905414\SP2QFE\netman.dll
[-] 0D55724D88488BBFC53BC2EA219240F3 [5.1.2600.2743 (xpsp_sp2_gdr.050819-1525)] c:\windows\$NtServicePackUninstall$\netman.dll
[7] 624CF700BBFD8BE4097AAA146E6BD363 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB905414$\netman.dll
[7] BE0CB143FA427D93440DED18DB8C918B [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\netman.dll
[-] 0D55724D88488BBFC53BC2EA219240F3 [5.1.2600.2743 (xpsp_sp2_gdr.050819-1525)] c:\windows\system32\netman.dll
[-] D9BD4CCA0533401B6609E47FF74F40DC [5.1.2600.2751 (xpsp.050831-1531)] c:\windows\$hf_mig$\KB900725\SP2QFE\linkinfo.dll
[-] 8D9A075C065DFE1228688D10155D6624 [5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)] c:\windows\$NtServicePackUninstall$\linkinfo.dll
[7] 9D21BC0235494F2B403026A1D3619E00 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB900725$\linkinfo.dll
[7] 5C64008E661307C4A3C3C25D9086CDE7 [5.1.2600.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\linkinfo.dll
[-] 8D9A075C065DFE1228688D10155D6624 [5.1.2600.2751 (xpsp_sp2_gdr.050831-1520)] c:\windows\system32\linkinfo.dll
[-] 385DB2591BF11955F26E0A97728B1B31 [5.1.2600.3077 (xpsp_sp2_qfe.070205-0007)] c:\windows\$hf_mig$\KB931261\SP2QFE\upnphost.dll
[-] 96B3C690ED82E36E04C130F916E3AE91 [5.1.2600.3077 (xpsp_sp2_gdr.070204-2255)] c:\windows\$NtServicePackUninstall$\upnphost.dll
[7] 168AE9938F6BE31D198AF92496CCFA33 [5.1.2600.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB931261$\upnphost.dll
[7] BD8166A495B02308F364B36249475F22 [5.1.2600.5512 (xpsp.080413-0852)] c:\windows\ServicePackFiles\i386\upnphost.dll
[-] 96B3C690ED82E36E04C130F916E3AE91 [5.1.2600.3077 (xpsp_sp2_gdr.070204-2255)] c:\windows\system32\upnphost.dll
[-] 1839CDF416A5AA8BF2EFE377F57452CC [6.00.2900.3051 (xpsp_sp2_qfe.061219-0311)] c:\windows\$hf_mig$\KB928255\SP2QFE\shsvcs.dll
[-] D7DFBD1EFA149EC158363B974DAE0C6B [6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)] c:\windows\$NtServicePackUninstall$\shsvcs.dll
[7] B590E69A45AE8FCBF7DDADE89CCE3588 [6.00.2900.2180 (xpsp_sp2_rtm.040803-2158)] c:\windows\$NtUninstallKB928255$\shsvcs.dll
[7] B9F20D71E5B6CE89A7A94B38351FDBDC [6.00.2900.5512 (xpsp.080413-2105)] c:\windows\ServicePackFiles\i386\shsvcs.dll
[-] D7DFBD1EFA149EC158363B974DAE0C6B [6.00.2900.3051 (xpsp_sp2_gdr.061219-0316)] c:\windows\system32\shsvcs.dll
.
((((((((((((((((((((((((((((((((((((( Reg Loading Points ))))))))))))))))))))))))))))))))))))))))))))))))))
.
.
*Note* empty entries & legit default entries are not shown
REGEDIT4
[HKEY_CURRENT_USER\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SuperCopier2.exe"="c:\program files\SuperCopier2\SuperCopier2.exe" [2005-03-13 1057280]
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-13 68856]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2006-08-21 2068527]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"FDFWATCH"="c:\progra~1\FRANCE~1\Watch.exe" [2003-07-17 20480]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-17 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-10-31 163840]
"GSICONEXE"="GSICON.EXE" - c:\windows\system32\gsicon.exe [2002-01-22 90112]
"DSLAGENTEXE"="dslagent.exe" - c:\windows\system32\dslagent.exe [2002-01-22 16384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\Marie Josée\Menu Démarrer\Programmes\Démarrage\
MSN Pictures Displayer.lnk - c:\program files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-6-24 3428864]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-9-10 839680]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-10-31 122880]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Documents and Settings\\Marie Josée\\Mes documents\\RaTaM-ScRiPtV3\\RaTaM-ScRiPtV3.0\\RaTaM-ScRiPtV3.exe"=
"c:\\Documents and Settings\\Marie Josée\\Mes documents\\fichiers\\Bobot v1.40 Binaries\\Bobot.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12652:TCP"= 12652:TCP:NortonAV
"16748:TCP"= 16748:TCP:NortonAV
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 7408]
S2 gafwload;ECI Telecom USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [30/09/2006 11:36 26987]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [10/09/2008 15:07 63555]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [10/09/2008 15:07 114616]
S3 npkycryp;npkycryp;\??\c:\documents and settings\Marie Josée\Mes documents\Nouveau dossier\Garden Angel RO\npkycryp.sys --> c:\documents and settings\Marie Josée\Mes documents\Nouveau dossier\Garden Angel RO\npkycryp.sys [?]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [21/10/2006 18:27 152576]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [11/10/2008 23:55 30272]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [11/10/2008 23:55 37440]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2009-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 19:42]
2007-01-03 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8159753047.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 04:52]
2009-09-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.msn.fr/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 19:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\MARIEJ~1\LOCALS~1\Temp\mc22.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(608)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(120)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-18 19:34
ComboFix-quarantined-files.txt 2009-09-18 23:33
ComboFix2.txt 2009-09-15 01:59
ComboFix3.txt 2009-09-09 21:28
Pre-Run: 17 971 986 432 octets libres
Post-Run: 17 941 438 464 octets libres
225 --- E O F --- 2009-07-22 21:29
And now the Gmer report, on cijoint:
http://www.cijoint.fr/cjlink.php?file=cj200909/cijHttCi6I.txt
"swg"="c:\program files\Google\GoogleToolbarNotifier\GoogleToolbarNotifier.exe" [2007-12-13 68856]
"Free Download Manager"="c:\program files\Free Download Manager\fdm.exe" [2006-08-21 2068527]
"msnmsgr"="c:\program files\Windows Live\Messenger\msnmsgr.exe" [2007-10-18 5724184]
"SUPERAntiSpyware"="c:\program files\SUPERAntiSpyware\SUPERAntiSpyware.exe" [2009-06-23 1830128]
[HKEY_LOCAL_MACHINE\SOFTWARE\Microsoft\Windows\CurrentVersion\Run]
"SunJavaUpdateSched"="c:\program files\Java\jre1.6.0_01\bin\jusched.exe" [2007-03-14 83608]
"NeroFilterCheck"="c:\windows\system32\NeroCheck.exe" [2001-07-09 155648]
"FDFWATCH"="c:\progra~1\FRANCE~1\Watch.exe" [2003-07-17 20480]
"LVCOMS"="c:\program files\Fichiers communs\Logitech\QCDriver2\LVCOMS.EXE" [2003-09-04 135214]
"TkBellExe"="c:\program files\Fichiers communs\Real\Update_OB\realsched.exe" [2007-01-17 185896]
"QuickTime Task"="c:\program files\QuickTime\QTTask.exe" [2007-06-29 286720]
"VTTimer"="VTTimer.exe" - c:\windows\system32\VTTimer.exe [2005-03-07 53248]
"VTTrayp"="VTtrayp.exe" - c:\windows\system32\VTTrayp.exe [2005-10-31 163840]
"GSICONEXE"="GSICON.EXE" - c:\windows\system32\gsicon.exe [2002-01-22 90112]
"DSLAGENTEXE"="dslagent.exe" - c:\windows\system32\dslagent.exe [2002-01-22 16384]
[HKEY_USERS\.DEFAULT\Software\Microsoft\Windows\CurrentVersion\Run]
"CTFMON.EXE"="c:\windows\system32\CTFMON.EXE" [2004-08-05 15360]
c:\documents and settings\Marie Josée\Menu Démarrer\Programmes\Démarrage\
MSN Pictures Displayer.lnk - c:\program files\MSN Pictures Displayer\MSN Pictures Displayer.exe [2007-6-24 3428864]
c:\documents and settings\All Users\Menu Démarrer\Programmes\Démarrage\
DSLMON.lnk - c:\program files\SAGEM\SAGEM F@st 800-840\dslmon.exe [2008-9-10 839680]
hp psc 1000 series.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpohmr08.exe [2003-4-6 147456]
hpoddt01.exe.lnk - c:\program files\Hewlett-Packard\Digital Imaging\bin\hpotdd01.exe [2003-4-6 28672]
Lancement rapide d'Adobe Reader.lnk - c:\program files\Adobe\Acrobat 7.0\Reader\reader_sl.exe [2005-9-23 29696]
Microsoft Office.lnk - c:\program files\Microsoft Office\Office\OSA9.EXE [1999-2-17 65588]
WinZip Quick Pick.lnk - c:\program files\WinZip\WZQKPICK.EXE [2006-10-31 122880]
[hkey_local_machine\software\microsoft\windows\currentversion\explorer\ShellExecuteHooks]
"{5AE067D3-9AFB-48E0-853A-EBB7F4A000DA}"= "c:\program files\SUPERAntiSpyware\SASSEH.DLL" [2008-05-13 77824]
[HKEY_LOCAL_MACHINE\software\microsoft\windows nt\currentversion\winlogon\notify\!SASWinLogon]
2008-12-22 16:05 356352 ----a-w- c:\program files\SUPERAntiSpyware\SASWINLO.dll
[HKEY_LOCAL_MACHINE\software\microsoft\security center\Monitoring\KasperskyAntiVirus]
"DisableMonitoring"=dword:00000001
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\AuthorizedApplications\List]
"%windir%\\system32\\sessmgr.exe"=
"c:\\StubInstaller.exe"=
"c:\\Documents and Settings\\Marie Josée\\Mes documents\\RaTaM-ScRiPtV3\\RaTaM-ScRiPtV3.0\\RaTaM-ScRiPtV3.exe"=
"c:\\Documents and Settings\\Marie Josée\\Mes documents\\fichiers\\Bobot v1.40 Binaries\\Bobot.exe"=
"c:\\Program Files\\Real\\RealOne Player\\realplay.exe"=
"c:\\Program Files\\Azureus\\Azureus.exe"=
"c:\\WINDOWS\\system32\\dpvsetup.exe"=
"c:\\Program Files\\LimeWire\\LimeWire.exe"=
"c:\\Program Files\\eMule\\emule.exe"=
"c:\\Program Files\\Kaspersky Lab\\Kaspersky Anti-Virus 6.0\\avp.exe"=
"c:\\Program Files\\Warcraft III\\Warcraft III.exe"=
"c:\\WINDOWS\\system32\\rtcshare.exe"=
"c:\\Program Files\\NetMeeting\\conf.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\msnmsgr.exe"=
"c:\\Program Files\\Windows Live\\Messenger\\livecall.exe"=
"c:\\Program Files\\Skype\\Phone\\Skype.exe"=
"c:\\ijji\\ENGLISH\\u_gunz.exe"=
"%windir%\\Network Diagnostic\\xpnetdiag.exe"=
[HKLM\~\services\sharedaccess\parameters\firewallpolicy\standardprofile\GloballyOpenPorts\List]
"12652:TCP"= 12652:TCP:NortonAV
"16748:TCP"= 16748:TCP:NortonAV
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
R1 SASKUTIL;SASKUTIL;c:\program files\SUPERAntiSpyware\SASKUTIL.SYS [23/06/2009 11:01 72944]
R3 SASENUM;SASENUM;c:\program files\SUPERAntiSpyware\SASENUM.SYS [23/06/2009 11:01 7408]
S2 gafwload;ECI Telecom USB ADSL Loader;c:\windows\system32\drivers\gafwload.sys [30/09/2006 11:36 26987]
S2 IKANLOADER2;General Purpose USB Driver (e4ldr.sys);c:\windows\system32\drivers\e4ldr.sys [10/09/2008 15:07 63555]
S3 e4usbaw;USB ADSL2 WAN Adapter;c:\windows\system32\drivers\e4usbaw.sys [10/09/2008 15:07 114616]
S3 npkycryp;npkycryp;\??\c:\documents and settings\Marie Josée\Mes documents\Nouveau dossier\Garden Angel RO\npkycryp.sys --> c:\documents and settings\Marie Josée\Mes documents\Nouveau dossier\Garden Angel RO\npkycryp.sys [?]
S3 PID_0920;Logitech QuickCam Express(PID_0920);c:\windows\system32\drivers\LV532AV.SYS [21/10/2006 18:27 152576]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [11/10/2008 23:55 30272]
S3 PsSdkLBF;PsSdkLBF;c:\windows\system32\drivers\pssdklbf.drv [11/10/2008 23:55 37440]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
.
Contents of the 'Scheduled Tasks' folder
2009-07-23 c:\windows\Tasks\AppleSoftwareUpdate.job
- c:\program files\Apple Software Update\SoftwareUpdate.exe [2007-01-10 19:42]
2007-01-03 c:\windows\Tasks\FRU Task 2003-04-06 08:52ewlett-Packard2003-04-06 08:52p psc 1100 series5E771253C1676EBED677BF361FDFC537825E15B8159753047.job
- c:\program files\Hewlett-Packard\Digital Imaging\Bin\hpqfrucl.exe [2003-04-06 04:52]
2009-09-17 c:\windows\Tasks\Vérifier les mises à jour de Windows Live Toolbar.job
- c:\program files\Windows Live Toolbar\MSNTBUP.EXE [2007-10-19 15:20]
.
.
------- Supplementary Scan -------
.
uSearchMigratedDefaultURL = hxxp://www.google.com/search?q={searchTerms}&sourceid=ie7&rls=com.microsoft:en-US&ie=utf8&oe=utf8
uStart Page = hxxp://www.msn.fr/
uSearchURL,(Default) = hxxp://g.msn.fr/0SEFRFR/SAOS01?FORM=TOOLBR
IE: &NeoTrace It! - c:\progra~1\NEOTRA~1\NTXcontext.htm
IE: &Windows Live Search - c:\program files\Windows Live Toolbar\msntb.dll/search.htm
IE: Download all with Free Download Manager - file://c:\program files\Free Download Manager\dlall.htm
IE: Download selected with Free Download Manager - file://c:\program files\Free Download Manager\dlselected.htm
IE: Download with Free Download Manager - file://c:\program files\Free Download Manager\dllink.htm
.
**************************************************************************
catchme 0.3.1398 W2K/XP/Vista - rootkit/stealth malware detector by Gmer, http://www.gmer.net
Rootkit scan 2009-09-18 19:29
Windows 5.1.2600 Service Pack 3 NTFS
scanning hidden processes ...
scanning hidden autostart entries ...
scanning hidden files ...
scan completed successfully
hidden files: 0
**************************************************************************
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\MARIEJ~1\LOCALS~1\Temp\mc22.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdkLBF]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdklbf.drv"
.
--------------------- LOCKED REGISTRY KEYS ---------------------
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\IMAIL]
@DACL=(02 0000)
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MAPI]
@DACL=(02 0000)
"NoChange"="1"
"Installed"="1"
[HKEY_LOCAL_MACHINE\software\Microsoft\Windows\CurrentVersion\Run\OptionalComponents\MSFS]
@DACL=(02 0000)
"Installed"="1"
.
--------------------- DLLs Loaded Under Running Processes ---------------------
- - - - - - - > 'winlogon.exe'(608)
c:\program files\SUPERAntiSpyware\SASWINLO.dll
c:\windows\system32\klogon.dll
- - - - - - - > 'explorer.exe'(120)
c:\windows\system32\WPDShServiceObj.dll
c:\windows\system32\PortableDeviceTypes.dll
c:\windows\system32\PortableDeviceApi.dll
.
Completion time: 2009-09-18 19:34
ComboFix-quarantined-files.txt 2009-09-18 23:33
ComboFix2.txt 2009-09-15 01:59
ComboFix3.txt 2009-09-09 21:28
Pre-Run: 17 971 986 432 octets libres
Post-Run: 17 941 438 464 octets libres
225 --- E O F --- 2009-07-22 21:29
And now the Gmer report, on cijoint:
http://www.cijoint.fr/cjlink.php?file=cj200909/cijHttCi6I.txt
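As an added triage example (not part of this thread or of ComboFix itself), here is a small Python parser for the driver-related parts of a ComboFix report like the one above: it flags services whose image lives in a temp directory or under a user profile, entries ComboFix could not stat ("[?]"), and drivers still in memory after their service key was deregistered. The sample report is constructed, with shortened paths and a placeholder user name.

```python
import re

# Constructed sample of the three ComboFix driver formats: the service list
# ("R1 name;display;path [date size]"), the "in memory" list and the ImagePath
# dump. Names echo the report above; paths are shortened, user is a placeholder.
SAMPLE_REPORT = r"""
R1 SASDIFSV;SASDIFSV;c:\program files\SUPERAntiSpyware\sasdifsv.sys [23/06/2009 11:01 9968]
S3 npkycryp;npkycryp;\??\c:\documents and settings\user\Mes documents\npkycryp.sys --> c:\documents and settings\user\Mes documents\npkycryp.sys [?]
S3 PsSdk31;PsSdk31;c:\windows\system32\drivers\pssdk31.drv [11/10/2008 23:55 30272]
--- Other Services/Drivers In Memory ---
*Deregistered* - mchInjDrv
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\mchInjDrv]
"ImagePath"="\??\c:\docume~1\USER~1\LOCALS~1\Temp\mc22.tmp"
[HKEY_LOCAL_MACHINE\System\ControlSet001\Services\PsSdk31]
"ImagePath"="\??\c:\windows\system32\Drivers\pssdk31.drv"
"""

SERVICE_RE = re.compile(r"^[RS]\d\s+([^;]+);[^;]*;(.*)$")
DEREG_RE = re.compile(r"^\*Deregistered\*\s+-\s+(\S+)$")
KEY_RE = re.compile(r"^\[HKEY_LOCAL_MACHINE\\System\\ControlSet\d+\\Services\\([^\]]+)\]$", re.I)
IMAGEPATH_RE = re.compile(r'^"ImagePath"="(.*)"$')
TEMP_RE = re.compile(r"\\temp\\|\\locals~1\\temp\\", re.I)
PROFILE_RE = re.compile(r"\\documents and settings\\|\\docume~1\\|\\users\\", re.I)

def normalize(raw):
    """Reduce a ComboFix path field to a plain Win32 path."""
    path = raw.strip()
    if " --> " in path:                      # 'registered path --> resolved path'
        path = path.split(" --> ", 1)[1]
    path = re.sub(r"\s*\[[^\]]*\]$", "", path)  # drop '[date size]' or '[?]'
    if path.startswith("\\??\\"):            # NT object-manager prefix
        path = path[4:]
    return path

def check_path(path):
    r"""Heuristic: kernel drivers normally live under system32\drivers."""
    if TEMP_RE.search(path):
        return ["image in a temp directory"]
    if PROFILE_RE.search(path):
        return ["image under a user profile, not a system directory"]
    return []

def triage(report):
    """Return {service name: [reasons]} for entries worth a second look."""
    findings, current_key = {}, None
    for line in report.splitlines():
        line = line.rstrip()
        if m := SERVICE_RE.match(line):
            name, raw = m.groups()
            reasons = check_path(normalize(raw))
            if raw.rstrip().endswith("[?]"):  # ComboFix recorded no file data
                reasons.append("no file data recorded (file missing or unreadable)")
            findings.setdefault(name, []).extend(reasons)
        elif m := DEREG_RE.match(line):      # loaded, but its service key is gone
            findings.setdefault(m.group(1), []).append("loaded in memory but service deregistered")
        elif m := KEY_RE.match(line):
            current_key = m.group(1)
        elif (m := IMAGEPATH_RE.match(line)) and current_key:
            findings.setdefault(current_key, []).extend(check_path(normalize(m.group(1))))
    return {k: v for k, v in findings.items() if v}
```

`triage(SAMPLE_REPORT)` returns only npkycryp and mchInjDrv; the two drivers under system32 and Program Files are left alone, which is the same split a helper makes by eye when reading the report.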
fix200
Posts
3243
Registration date
Sunday 28 December 2008
Status
Security contributor
Last post
7 February 2011
158
19 Sept. 2009 at 15:12
Re,
It didn't work!
▶ Double-click OTL.exe to launch it.
▶ Copy the list shown in bold below and paste it into the box under "Customs Scans/Fixes"
:Processes
explorer.exe
:Reg
[-HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNEToyxwpxub]
:Commands
[Emptytemp]
[Start explorer]
[Reboot]
▶ Click "RunFix" to start the removal.
▶ If a file or folder cannot be removed immediately, the program will ask you to reboot. Accept by clicking YES.
▶ After the reboot, allow OTL to run.
▶ Post the report generated by OTL.
=====
Run Gmer again, then paste the report ...
PwnedbyMalwares
Posts
6
Registration date
Tuesday 14 July 2009
Status
Member
Last post
18 August 2009
23 Sept. 2009 at 17:46
There you go, sorry for the delay ^^. OTL report:
All processes killed
========== PROCESSES ==========
Process explorer.exe killed successfully!
========== REGISTRY ==========
Registry key HKEY_LOCAL_MACHINE\System\ControlSet002\Services\SKYNEToyxwpxub\ deleted successfully.
========== COMMANDS ==========
[EMPTYTEMP]
User: Administrateur
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: Administrateur.GWADADA
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 33170 bytes
User: All Users
User: Dadaille
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 78991 bytes
->Java cache emptied: 0 bytes
User: Default User
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 0 bytes
User: LocalService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 32835 bytes
User: Marie Josée
User: Marie-José
User: NetworkService
->Temp folder emptied: 0 bytes
->Temporary Internet Files folder emptied: 67 bytes
%systemdrive% .tmp files removed: 0 bytes
%systemroot% .tmp files removed: 0 bytes
%systemroot%\System32 .tmp files removed: 0 bytes
Windows Temp folder emptied: 255 bytes
RecycleBin emptied: 0 bytes
Total Files Cleaned = 0,14 mb
OTL by OldTimer - Version 3.0.7.1 log created on 09212009_212147
Files\Folders moved on Reboot...
Registry entries deleted on Reboot...
Link to the GMER report:
http://www.cijoint.fr/cjlink.php?file=cj200909/cijRV2UKCo.txt
So?
fix200
Posts
3243
Registration date
Sunday 28 December 2008
Status
Security contributor
Last post
7 February 2011
158
23 Sept. 2009 at 20:08
Hi,
Very good, it worked!! :)
Run MalwareBytes' again, to be sure.
> https://forums.commentcamarche.net/forum/affich-13358234-gros-probleme-avec-system-security?page=2#32
Then:
Do an online scan with Kaspersky (using Internet Explorer)
▶ At the bottom right, click Start Online-scanner
▶ In the new window that appears, click I accept
▶ Accept the ActiveX controls
▶ Choose My Computer for the scan.
▶ When the scan finishes, save the report (choose text file) and post it in your next reply.
▶ For help using the online scan, see the Kaspersky online scanner tutorial
NOTE: If you get the message "The Kaspersky On-line Scanner licence has expired", go to Add/Remove Programs and uninstall On-Line Scanner, then reconnect to the Kaspersky site and retry the online scan.
See you
fix200
Posts
3243
Registration date
Sunday 28 December 2008
Status
Security contributor
Last post
7 February 2011
158
17 Oct. 2009 at 13:26
Hello PwnedbyMalwares,
Still there?